SB2018030203 - Multiple vulnerabilities in Siemens SIMATIC, SIMOTION, and SINUMERIK
Published: March 2, 2018 Updated: March 2, 2018
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2017-5712)
The vulnerability allows a remote administrator to execute arbitrary code on the target system. The weakness exists due to a buffer overflow in Active Management Technology (AMT). A remote attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2017-5705)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to multiple buffer overflows in the kernel. A local attacker can send a specially crafted request, trigger memory corruption, execute arbitrary code and compromise the vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2017-5706)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to multiple buffer overflows in the kernel. A local attacker can send a specially crafted request, trigger memory corruption, execute arbitrary code and compromise the vulnerable system.
4) Privilege escalation (CVE-ID: CVE-2017-5707)
The vulnerability allows a local attacker to gain elevated privileges.
The vulnerability exists due to multiple buffer overflows in the kernel. A local attacker can execute arbitrary code with elevated privileges.
5) Buffer overflow (CVE-ID: CVE-2017-5711)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to multiple buffer overflows in Active Management Technology (AMT). A local attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
6) Buffer overflow (CVE-ID: CVE-2017-5708)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to multiple buffer overflows in Active Management Technology (AMT). A local attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
7) Privilege escalation (CVE-ID: CVE-2017-5709)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to an unknown error. A local attacker can send a specially crafted request, gain elevated privileges and access privileged content.
8) Information disclosure (CVE-ID: CVE-2017-5710)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to multiple privilege escalations in the kernel. A remote attacker can run an unauthorized process to access privileged content via an unspecified vector.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.